Lucene search

[email protected]CVE-2006-5232

HistoryOct 11, 2006 - 12:07 a.m.

CVE-2006-5232

2006-10-1100:07:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2006-5232

php

remote file inclusion

isearch 2.16

security vulnerability

nvd

8.4 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.076 Low

EPSS

Percentile

94.1%

JSON

Multiple PHP remote file inclusion vulnerabilities in iSearch 2.16 allow remote attackers to execute arbitrary PHP code via a URL in the isearch_path parameter in (1) index.php, (2) viewcache.php, (3) sitemap.php, (4) isearch.inc.php, (5) google_sitemap.php, (6) stats.php, or (7) auto_spider_img.php. NOTE: this issue has been disputed by a third party who shows that $isearch_path is set to a constant value. CVE analysis as of 20061010 is inconclusive, although the original researcher is known to make mistakes

CPENameOperatorVersion
isearch:isearchisearcheq2.16

CPE	Name	Operator	Version
isearch:isearch	isearch	eq	2.16

References

www.securityfocus.com/archive/1/448006/100/0/threaded

www.securityfocus.com/archive/1/448099/100/0/threaded

www.securityfocus.com/archive/1/448225/100/100/threaded

www.securityfocus.com/bid/20401

exchange.xforce.ibmcloud.com/vulnerabilities/29402

8.4 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.076 Low

EPSS

Percentile

94.1%

JSON